Microsoft’s Chromium Edge beta emerges along with a new $30k top prize bounty

Microsoft has kicked off a new bug bounty for its Chromium-based Microsoft Edge browser and is offering researchers up to $30,000 per bug for reporting issues.

Microsoft says it aimed to “complement” Google’s existing Chrome Vulnerability Reward Program, which also offers a top payout of $30,000 for a high quality bug report with a working exploit for issues like a sandbox escape.

The bounty a bit of a fringe contest at the moment and is aimed at bugs that can be reproduced on the freshest version of Microsoft's Chromium-based Edge browser, but that don’t work against the latest version of Chrome.

Microsoft announced its plans to develop Edge on Chromium in December and started releasing preview builds this April. Chromium Edge is no where near close to Google Chrome in terms of user adoption, but the Windows-maker today revealed that preview builds of the new Edge had been downloaded one million times across Windows and macOS desktops.

Canary builds are refreshed daily, while new developer builds are made available every week. New beta builds of Edge, which are “ready for every day use”, according to Microsoft, will be released roughly every six weeks.

The Microsoft Chromium-based Edge bug bounty offers up to $30,000 for “critical and important” security flaws found in builds released in the developer and beta channels.

That’s double the amount it offers for “critical remote code execution and design issues” in the current version of Edge that’s based on Microsoft’s EdgeHTML engine in the Windows Insider Preview slow ring.

“As we release Beta, we remain committed to delivering a high-quality product and nailing the fundamentals of a great browsing experience. Beta represents the most stable preview channel, as features are added to Beta only after they have cleared quality testing in first the Canary channel and then the Dev channel. Major version updates can be expected roughly every six weeks, alongside periodic minor updates for bug fixes and security,” said Joe Belfiore, corporate vice president of Windows.

The Chromium-based Edge beta channel is the final preview channel before the company officially launches the new version of Edge, though the company hasn't said when it intends to release a "stable" channel.

In the new beta build, Edge users should see changes it’s been testing in Canary and Developer releases, such as different layouts for the new tab page called “focussed”, “inspirational”, and “informational”.

At the moment, the new page tab displays Microsoft’s Bing search engine bar and there is no way for users to hide it, much like Google includes a non-removable Google Search bar on new tabs in Chrome.

Microsoft today revealed some of the top user requests it’s received through its previews. Among them was a request to hide the Bing search bar in the new tab page as well as the ability to sign in to the new browser with a Google account. At the moment, users can only sign into the new Edge with a Microsoft account.

Microsoft said it was "reviewing" these requests, but it's not likely the company would want to see its new Google-free Chromium browser used to support Google's internet services.

The top $30,000 reward for Chromium-based Edge is available under the Windows Defender Application Guard Program (WDAG) and requires an exploit can be used to elevate privileges of a user and perform a container escape from WDAG. Details about the new bug bounty are available here.

Increasing mandates around the security of personal data have made encryption for every business. Australian businesses are leading the world in the use of encryption to protect backups, payment-related data, and laptops – and yet they still have a long way to go before encryption is both ubiquitous and manageable.

Increasing use of encryption has created new challenges for enterprise security managers. Ever more-sophisticated encryption such as Perfect Forward Secrecy (PFS) protects data and may even boost your Google ranking – but it also provides a haven for malicious code that may use encryption to bypass enterprise security controls.

Copyright 2019 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.